Bogus e-tickets used to snare KLM airline passengers

Email requests customers to click on a malicious attachment

Passengers flying with Dutch carrier KLM have become the latest targets of a bogus but convincing e-ticket ruse that tries to persuade email users to click on a malicious attachment.

The form is really another type of notification spam, which has numerous examples going back at least a decade, with the two best known examples being a flood of bogus bank emails and UPS and Fedex tracking messages that are still in evidence today.

According to security firm Websense, this example is visually sophisticated enough that it might fool unwary passengers planning to fly with the airline in the near future.

The image used is an accurate facsimilie of a real e-ticket bar the itinerary which is the mechanism for tricking potential victims into clicking on the attachment. That comes with a Trojan payload identical to ones used in bogus campaigns hijacking the Microsoft and Telstra brands for much the same purpose.